robertchong/dns-record-types.md

Created May 7, 2026 20:45

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Select an option

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/robertchong/c1d37a7f7b1629468310ec5e59980d5e.js"></script>
Save robertchong/c1d37a7f7b1629468310ec5e59980d5e to your computer and use it in GitHub Desktop.

Download ZIP

DNS Record Types Reference

Raw

dns-record-types.md

DNS Record Types Reference

Core Records

Record	Full Name	Purpose	Example
`A`	Address	Maps a domain to an IPv4 address	`bla.com` → `93.184.216.34`
`AAAA`	IPv6 Address	Maps a domain to an IPv6 address	`bla.com` → `2606:2800:220:1:248:1893:25c8:1946`
`CNAME`	Canonical Name	Alias — maps a domain to another domain	`www.bla.com` → `bla.com`
`TXT`	Text	Stores arbitrary text, used for verification & metadata	`"apple-domain-verification=abc123"`

Delegation & Authority

Record	Full Name	Purpose	Example
`NS`	Name Server	Specifies authoritative DNS servers for the domain	`bla.com` → `ns1.provider.com`
`SOA`	Start of Authority	Zone metadata — serial number, TTL defaults, admin contact. Every domain has exactly one.	—

Traffic & Routing

Record	Full Name	Purpose	Example
`MX`	Mail Exchange	Points to the mail server responsible for receiving email	`bla.com` → `mail.provider.com` (priority 10)
`SRV`	Service	Specifies host and port for specific services	VoIP, chat, game servers
`PTR`	Pointer	Reverse DNS — maps an IP back to a domain (opposite of A)	`93.184.216.34` → `bla.com`
`NAPTR`	Naming Authority Pointer	Used in telephony/VoIP for number-to-URI mapping	—

Security

Record	Full Name	Purpose	Example
`CAA`	Certification Authority Authorization	Restricts which CAs can issue SSL certs for your domain	`"0 issue letsencrypt.org"`
`TLSA`	TLS Authentication	Pins a specific TLS certificate to a domain (DANE)	—
`DNSKEY`	DNS Key	Public key used by DNSSEC to verify signed records	—
`DS`	Delegation Signer	Links a child zone's DNSKEY to the parent zone (DNSSEC)	—

Email Authentication

These are stored as TXT records under the hood, but serve distinct and well-defined purposes.

Record	Full Name	Purpose	Example
`SPF`	Sender Policy Framework	Defines which servers are authorised to send email on your behalf	`"v=spf1 include:provider.com ~all"`
`DKIM`	DomainKeys Identified Mail	Public key used to verify cryptographic email signatures	`"v=DKIM1; k=rsa; p=..."`
`DMARC`	Domain-based Message Authentication	Policy telling receivers what to do when SPF/DKIM fails	`"v=DMARC1; p=reject; rua=mailto:reports@bla.com"`

Quick Cheat Sheet

I want to...	Record to use
Point my domain to a server	`A` / `AAAA`
Create an alias for my domain	`CNAME`
Set up email for my domain	`MX`
Verify domain ownership (Apple, Google, etc.)	`TXT`
Protect against email spoofing	`SPF`, `DKIM`, `DMARC`
Restrict SSL certificate issuance	`CAA`
Find who manages a domain's DNS	`NS`
Reverse-lookup an IP address	`PTR`

Last updated: May 2026

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment